Bug#708164: nginx proxy_pass buffer overflow (CVE-2013-2070)

2013-06-12 Thread steven hay
I believe I may have found a way around inspecting the compiled code for this check. The GNU compiler has the following option:

-fwrapv

This option instructs the compiler to assume that signed arithmetic overflow of addition, subtraction and multiplication wraps around using twos-complement

Bug#708164: nginx proxy_pass buffer overflow (CVE-2013-2070)

2013-06-12 Thread steven hay
I understand if this patch may not be 100% correct, but if I read the references correctly, the error is more of theoretical than practical concern since this particular compiler optimization is not likely to be implemented in the GNU compiler. Do we really think that GNU would include an optimi

Bug#708164: nginx proxy_pass buffer overflow (CVE-2013-2070)

2013-06-05 Thread Cyril Lavier
On 05/13/2013 09:15 PM, Florian Weimer wrote:
> * Thijs Kinkhorst:
>
>> A buffer overflow in the proxy_pass module has been reported by
>> Nginx upstream, and a patch made available. Please see:
>> http://www.openwall.com/lists/oss-security/2013/05/13/3
>>
>> The issue is already fixed in the versi

Bug#708164: nginx proxy_pass buffer overflow (CVE-2013-2070)

2013-05-13 Thread Florian Weimer
* Thijs Kinkhorst:
> A buffer overflow in the proxy_pass module has been reported by
> Nginx upstream, and a patch made available. Please see:
> http://www.openwall.com/lists/oss-security/2013/05/13/3
>
> The issue is already fixed in the version in sid, and as far
> as I can see the code is not p

Bug#708164: nginx proxy_pass buffer overflow (CVE-2013-2070)

2013-05-13 Thread Thijs Kinkhorst
Package: nginx
Version: 1.2.1-2.2
Severity: serious
Tags: security patch

Hi,

A buffer overflow in the proxy_pass module has been reported by Nginx upstream, and a patch made available. Please see:
http://www.openwall.com/lists/oss-security/2013/05/13/3

The issue is already fixed in the version i